*****

This is a hack.
This is not guaranteed to work.
Twitter may change their website at any time.
I am not responsible if something breaks or you decide to delete all your DM’s.
Nor am I responsible if your friends get mad at you for deleting your sent DM’s from their Inbox.

*****

That being said, I’d like to introduce my DM Whacker, DM Deleter, DM Sniper, whatever you want to call it I created a tool to delete your direct messages en-masse on Twitter. After the recent debacle regarding direct messages being exposed, I definitely saw a need amongst some Tweeters do delete their direct messages.

I need to thank @chris4403 who posted his awesome Twitter Translate bookmarklet recently. Were it not for that, I would not have had the motivation nor the codebase off which to build my first bookmarklet.

With that introduction, I’d like to point you in the direction of the new DM Deleter. Simply drag the link that’s in that page up to your Firefox or Safari bookmark bar, navigate to your direct messages, click the bookmark and select your options to delete your DM’s once and for all. The tool allows you to delete all of your messages, or just messages from certain friends.

My apologies for the additional link, but I just wanted to reinforce the point that this tool will delete your direct messages forever. So, use it with care.

Feedback welcome. The ability to delete sent messages will be added in as well soonhas been added in version 0.2.4.

This is going to be a quick post, mostly because I’m tired from working on that other site and I really need to get some sleep.

I’ve been doing some serious pcap analysis lately. You know the type…where you’ve dumped numerous pcap’s with tcpdump and the wonderful -C parameter. Being the type of guy that I am, I wanted to visualize the traffic I’d captured to identify what was going on. Here’s a few argus commands I used to get the job done. Note I’ve used back slashes (\) to separate the commands onto multiple lines

# Extract specific src mac addresses I'm interested in
for i in `ls ~/captures/pcap*`; do
  /usr/local/sbin/argus -mAJZRU 256 -r $i -w src_macs.argus - \
  ether src 00:00:00:11:22:33 or ether src 00:00:00:33:22:11;
done

Fantastic - now I’ve got an argus data stream that contains traffic solely from a mac or two I was interested in.

# Now let's take a look at top usage for each IP address
racluster -r src_macs.argus -m proto saddr dport -w - | \
  rasort -m saddr pkts -s saddr dport pkts | more

Now that we’ve manually looked through that data and found the top ports (argus used to have a -topN option, but I couldn’t seem to find it) let’s draw some nice-looking graphs. This splits the graph out into directories by date and generates graphs in each directory representing traffic for each particular mac address.

# For each mac address, generate daily usage for the "interesting" ports we saw above
macs="00:00:00:11:22:33 00:00:00:33:22:11"
ports="23 53 80 139 389 443 445 3389 1521"
filter_string=`echo $ports | sed 's/[[:digit:]]*/dst port & or/g' | sed 's/ or$//'`

for mac in ${macs}; do
  rasplit -r src_macs.argus -M time 1d -w "archive/%Y_%m_%d/${mac}.arg" - \
    "(${filter_string}) and (ether src ${mac})";
done

find archive -name *.arg | xargs -I {} \
  ragraph pkts dport -M 1m -r {} -fill -stack -w $(dirname {})/`basename {} .arg`.png

It’s not perfect and it took me quite a while to understand the intricacies of argus (-w - is different from just not specifying an output file, for example), but it’s definitely a start down the road.

So nearly a month to the day after releasing my Twitter Stats perl script, I finally made a webified version. You can check it out over at TweetStats.com.

This was really more of an engine for me to get up to speed on Ruby on Rails (RoR) than anything. I’ve been wanting to play with Ruby for a while now, but really just didn’t have the motivation. I’d like to keep making regular updates to the site as there are several features I’m hoping to add such as dynamic graphs that allow you to zoom in on your timeline, an auto-follow bot that will keep your stats constantly up-to-date, and a widget you can put on your site if you so desire. Although I’ve enjoyed working on the site, I would like to relax for a little bit.

The experience with RoR has been fairly pleasant. It’s a well thought-out framework that lends itself to quick and efficient development once you wrap your head around the model. The only downside, and really what kept me from being able to put the site up faster, was the usage of some gems like BackgrounDRb. While a great idea, a fractured development community and somewhat buggy coding gave me many a headache in the past week, ultimately leading to two redesigns of the backend code and consumed two weekends of my life. I won’t say the code is perfect, it’s far from it. But it’s been fun and hopefully people enjoy the site.

The Internet is an invaluable resource and you can find many links I used via my del.icio.us rails tag. The most useful by far was Dominiek.com’s Building a .Com in 24 hours and you will see similar design patterns on my site. I had this page open nearly the entire time I was developing the site. It was a great aid throughout the entire process.

Finally, a special thanks to somebody that sat up with me throughout the night as I muttered away coding to myself.

For whatever reason (perhaps it’s the slowness of Twitterific, or the lack of any other application to satisfy my Twitter-craving) I wanted to be able to Tweet from Quicksilver. A quick Google led me to an AppleScript to Tweet from Quicksilver, but alas…it was a year old and not functional.

So, two hours later - allow me to present an updated version of the script:

using terms from application "Quicksilver"
	on process text im_text
		repeat with im_delimiter_position from 1 to (length of im_text)
			if character im_delimiter_position of im_text = ":" then exit repeat
		end repeat
		set im_contact_name to characters 1 thru (im_delimiter_position - 1) of im_text as string
		set im_message to characters (im_delimiter_position + 2) thru (length of im_text) of im_text as string
		tell application "Adium"

			set user to first contact whose (status type is available and (display name starts with im_contact_name or title starts with im_contact_name))

			if not (exists (chats whose contacts contains user)) then
				tell account of user to (make new chat with contacts {user} with new chat window)
			end if

			send (first chat whose contacts contains user) message im_message
		end tell
		return nothing
	end process text
end using terms from

The procedures for installation and usage are the same.

• Paste the script into Script Editor and save it in ~/Library/Application Support/Quicksilver/Actions as Send As IM.scpt.
• Cmd+Space, period, “Contact name: Message”, tab, S, enter.

I now return you to your regular Twedule.

Final Update to This Post For those not following along at home, I finally took Twitter Stats to the next level and released a webified version over at TweetStats.com. I, somewhat unfortunately, had to go with TweetStats as twitterstats.com was already taken. I made a post about it here and you can see an example of my stats on the site on the graphs page.

So I’ve been a user on Twitter for a little over a year, but it wasn’t until recently when I hit 2000 tweets that I wanted to see what my Twitter history looked like over that period. Ever being the statistics nerd, I pulled down all of my tweets and using a combination of curl, sed, grep, Excel, and Numbers, managed to generate some nice graphs.

Being the automation weenie that I am, I eventually hacked together a perl script that did everything except paste the data into Numbers.Although I won’t post it here (because I think the Twitterocracy would have a cow with how it’s implemented), you can DM me your email and I’ll send you the code and instructions. See below - bugs be damned, I’ve made it publicly available.

Basically, the script pulls down all your tweets and stores them in an csv file. It then runs some statistics on the csv file and then copies the resulting stats to the OS X clipboard to paste into each table within Numbers. If run with a pre-existing tweets csv file, the script will calculate the different between your current status count and only download the pages necessary, thus saving the Twitter servers from some bandwidth.

For the record, here are mine.

Update Thanks to kosmar for pointing out that I can actually do this entire thing without your password. Head => Wall. I’ll be updating it accordingly and hopefully even making a webservice out of it soon.

In addition to not needing your password, the script should also adjust the times for your tweets to whatever the system time is where you run the script.

Another update: I’ve also posted the script on my site and you can download it here: twitter_stats.zip. Feel free to contact me with any questions via twitter or web.dpc at dcortesi . com.

Many people have noticed a large after-lunch spike around 2pm. At least for me, this was due to Twitter being down most of the morning one day and then tweeting like crazy when it came back online.

BUG FOUND AND SQUASHED

There was a small bug that cropped up after I switched the script to not require your password. It accounts for the odd “[Tuesday|January|2pm] Peak” that people were seeing. This bug has now been fixed and an updated script is available. My apologies.

Unfortunately, if want the most accurate tweets, you will have to rm your csv file and run the script again.

Date::Calc aka failure on line 13
Some of you (on Tiger?) may be missing the Date::Calc module that I use to figure out weekdays. Although I tried to use as few perl modules as possible, this one was essential. Use the following command (thanks to a couple twitter peeps for the reference) to install:
sudo perl -MCPAN -e 'install Date::Calc' and keep hitting ‘y’.

Final (hopefully) Update on this page as it’s getting messy.

For those of you not on OS X with Numbers, there are a few options:
@bck webified my code (w00t): Twitter Stats
@mmc decided to use gnuplot: Twitter Stats in SVG Using GNUPlot
@cbarrett modified it to utilize the Google Chart API: Twitter Stats with GChart
@kejadlen reverse engineered my original script to Ruby: Twitter Stats in Ruby

I still want to write my own webified version (Google Chart aesthetics leave a little bit to be desired…), but I have yet to settle on an option that I like.

So my personal laptop’s hard drive recently bit the dust, or so I think. I haven’t had time to bring it in and get it checked out…but it doesn’t boot and it makes a strange, repeating sound that doesn’t sound so good when I try to boot it up. It’s not a clicking, per-say, but more of what seems like a failure of the actuator arm trying to move across the platter. …but what do I know?

In any case, I’ve been managing my music libraries across a couple different computers but since my personal one went down I’ve been looking for a way to re-populate some of my smart playlists that were based on comments. One of the most common ways I use these is for categorizing dance music. For example, if I’m listening a song and I think it’s a good swing song I’ll update the comment to include “Dance, Swing”. And then I just have a Smart Playlist that looks for comments with Swing in them.

The problem is, many of these songs weren’t in my other library. I keep most of my music on a shared server, so luckily I didn’t lose it. But what I wanted to do was go through my music library (several thousand songs as of this writing) and figure out which songs I had tagged with those specific Dance comments. The UNIX command-line to the rescue!

There’s a tool out there called id3v2 that reads ID3 information from mp3 files (the majority of my collection). Using that and the wonders of find and grep, I was able to list out which files contained the Dance comment:

find /mp3/ -name "*.mp3" -exec sh -c 'id3v2 -l "$1" | egrep "COMM.*Dance.*" && echo $1' '{}' '{}' \; | tee dance_mp3.txt

I had to do a little fu to be able to use pipes in the exec command, but I found out how to do that on this useful article.

I wish I had been syncing playlists (among other useful things…:-() before the drive failure, but alas…

And people wonder why I love Unix/Bash. I had to combine a few different files yesterday that had email addresses, but with different delimiters and a bunch of dupes. This basically goes through those files, standardizes the delimiters, sorts it in a fashion to get find the emails with the most info, uniq’s out the dupes, and then reorders it into a csv file.

Schwag.

sed 's/:/,/g' Email\ List.txt | tr -d "'" | sort -r | awk -F, '{print $2"\t__"$3"\t__"$1}' | sed 's/^[ ^t]*//;s/[ ^]*$//' | uniq -f2 | tr -d "__" | sort | tr "\t" "," > Emails.csv


OK, so perhaps the title is a little misleading, but here’s an interesting excercise in taking a look at issues that have been patched within the .NET framework. There’s a great tool out there by Lutz Roeder called .NET Reflector. Reflector allows you to generate source code (C#, C++, ILAsm, heck even PowerShell) from .NET assemblies. This will be our primary tool for this task.

There was an advisory last month regarding some critical vulnerabilities in the .NET Framework (MS07-040). There was one in issue in particular that was quite interesting:

An information disclosure vulnerability exists in .NET Framework that could allow an attacker who successfully exploited this vulnerability to bypass the security features of an ASP.NET Web site to download the contents of any Web page.

That sounds pretty interesting, but I had yet to see many details beyond that and I was somewhat curious as to where in the code this seemingly simple issue lay. So let’s dig in.

I made a copy of my Framework in C:\WINDOWS\Microsoft.NET\Framework and then installed the relevant patch. Assuming that the issue was in System.Web.dll, I opened each version of that dll in Reflector and exported the source code. Although Reflector does include an assembly diff utility, I wasn’t able to open the two dll’s at the same time as they have the same assembly version. So I had to manually diff the source files until I came on something…”interesting”.

internal static void CheckSuspiciousPhysicalPath(string physicalPath)
{
    if (((physicalPath != null) && (physicalPath.Length > 0)) && (Path.GetFullPath(physicalPath) != physicalPath))
    {
        throw new HttpException(0×194, “”);
    }
}

This CheckSuspiciousPhysicalPath didn’t exist in the previous revision of System.Web.dll and seems like it is attempting to address the issue mentioned in MS07-040. Note that CheckSuspiciousPhysicalPath compares the results of the original physicalPath variable and Path.GetFullPath(physicalPath) and GetFullPath will throw an exception if the path contains any invalid characters.

So now we have at least one potential place where an additional check for nulls is being performed. What’s left is to see if there are other locations and at the same time drop a breakpoint on this piece of code and see if we can trigger it.

From time-to-time, I need an old version of IE due to application compatibility or for “other” security testing.  MultipleIE has saved me numerous times, so I figured I’d blog a blog about it. I also came across some good tools on the Edge-Security site, many of which I’ve had the inclination to begin in previous lives but ended up never finishing. Thanks, guys!

I like JavaScript…I really do. Despite what most people say about it, it can be quick, efficient and very effective in a pinch. In the past I’ve used it to automatically capture screenshots and even alert me when I got out of the online waiting room while trying to pick up some Cubbie tix. So without further ado, here’s a quick snippet I came across that you can paste in your location bar to create a GUID:

javascript:function S4(){return (((1+Math.random())*0x10000)|0).toString(16).substring(1)}(S4()+S4()+"-"+S4()+"-"+S4()+"-"+S4()+"-"+S4()+S4()+S4())

I must give credit where credit is due - I snagged this from a John Stockon made on the very same issue.

Since that string is kind of long, you can also just click here to try it out.